Project

General

Profile

Actions

Regression #14947

closed

Rules using aliases of type ``URL (IPs)`` are not generated

Added by Remy Monsen 5 months ago. Updated 5 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Aliases / Tables
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
23.09.1
Release Notes:
Default
Affected Version:
2.7.1
Affected Architecture:
All

Description

After updating my Netgate 4100 box to 23.09 it started spamming notifications in the web gui every time the firewall filters are reloaded.

The exact notification reads
  • Unresolvable source alias 'alias_name' for rule 'Rule description' @ 2023-11-07 08:29:18

These aliases were all configured under 23.05.01 and worked perfectly fine there.

The main issue seems to be that the firewall is unable to find/use the alias, as the aliases themselves update from the external URL just fine.

This issue affects aliases of type 'URL (IPs)', while table aliases like 'URL Table (IPs)' are not affected by the problem.

The net result is that the firewall rules that depends on these aliases simply do not work, like locking me out from external access due to my whitelist rule no longer working, even though the alias itself still lists the whitelisted IP's, both on the alias page, an on the firewalls rule page, so it seems like the GUI picks them up just fine, it is just the actual firewall itself that doesn't.

This issue seem to have affected multiple people, as per this forum post: [[https://forum.netgate.com/topic/183882/unresolvable-source-alias-after-upgrade-to-23-09]]


Related issues

Has duplicate Bug #15002: Error 'Unresolvable destination alias' for URL alias of type URL (IPs) since PFSense 23.09Duplicate

Actions
Has duplicate Regression #15003: URL Alias cause the error "Unresolvable source alias"Duplicate

Actions
Actions #1

Updated by Remy Monsen 5 months ago

For reference, I've also tested by creating new aliases under 23.09 and assigning these to the firewall rules, and while this works perfectly fine in the GUI, the reported behavior is the same, a non-functioning firewall rule and a notification every filter reload.

Actions #2

Updated by Steve Wheeler 5 months ago

  • Project changed from pfSense Plus to pfSense
  • Category changed from Aliases / Tables to Aliases / Tables
  • Status changed from New to Confirmed
  • Target version set to 2.8.0
  • Affected Plus Version deleted (23.09)
  • Plus Target Version set to 24.03
  • Affected Version set to 2.7.1

Replicated this in 2.7.1

Actions #3

Updated by Marcos M 5 months ago

  • Subject changed from URL Alias broken in 23.09 to Rules using aliases of type URL IP are not generated
  • Assignee set to Marcos M
Actions #4

Updated by Marcos M 5 months ago

  • Subject changed from Rules using aliases of type URL IP are not generated to Rules using aliases of type ``URL (IPs)`` are not generated
Actions #5

Updated by Marcos M 5 months ago

  • Status changed from Confirmed to Feedback
  • % Done changed from 0 to 100
Actions #6

Updated by Danilo Zrenjanin 5 months ago

  • Status changed from Feedback to Resolved

I replicated the issue on 23.09-RELEASE (amd64).

After applying the patch, the firewall successfully loaded the list of IPs from the URL type alias.

I am marking this ticket resolved.

Actions #7

Updated by Marcos M 5 months ago

  • Tracker changed from Bug to Regression
Actions #8

Updated by → luckman212 5 months ago

Is this patch landing in the 'Recommended System Patches' area for 23.09?

Actions #9

Updated by Jim Pingle 5 months ago

  • Target version changed from 2.8.0 to 2.7.1
Actions #10

Updated by Jim Pingle 5 months ago

  • Has duplicate Bug #15002: Error 'Unresolvable destination alias' for URL alias of type URL (IPs) since PFSense 23.09 added
Actions #11

Updated by Jim Pingle 5 months ago

  • Has duplicate Regression #15003: URL Alias cause the error "Unresolvable source alias" added
Actions #12

Updated by Jim Pingle 5 months ago

  • Target version changed from 2.7.1 to 2.7.2
  • Plus Target Version changed from 24.03 to 23.09.1
Actions #13

Updated by Jim Pingle 5 months ago

  • Target version changed from 2.7.2 to 2.7.1
Actions

Also available in: Atom PDF